DNS in 2003 Domain

Archived from groups: microsoft.public.win2000.dns

All,
I'm fairly new to DNS in a 2003 domain. I've been tasked with making
the DNS more efficient and seeing what can be done to improve it. The
domain was migrated from a Win 2000 domain. I've been looking at the
DNS structure we currently have, and been reading up on MS's site
regarding the _msdcs bits.

At the moment, we have a structure in DNS as such:

Under the Forward Lookup Zone, we have DOMAIN.com, under DOMAIN.com
there are 4 folders/containers called _msdcs, _sites, _tcp, _udp,
DomainDnsZones, ForestDnsZones.

What I can't get my head around is whether this layout is correct. On
MS's site (http://tinyurl.com/ap2ym) it states the _msdcs part as
_msdcs.forestname and talks about going into its properties etc, but
there is no properties tab for _msdcs.

There is no Application Directory partition set up as yet. Our root
domain controller is 2003, but we have a mixture of 2000 and 2003
DCs.

Can anyone inform me about what the DNS layout structure should look
like now we're on a 2003 domain, and how it can be optimised? At
present our DNS works, but it hasn't been touched since we upgraded to
2003.

Any help greatly appreciated.


--
bassaddict
------------------------------------------------------------------------
Posted via http://www.webservertalk.com
------------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message1139050.html
  1. Archived from groups: microsoft.public.win2000.dns

    When you have a DNS zone (e.g. DOMAIN.COM) for the AD domain
    DOMAIN.COM, that zone automatically has 4 underscore domains, and if
    it is W2K3 DCs with DNS you will also have application partitions
    (domainzones and forestzones) that dictate the replication scope of a
    zone.

    The underscore domain has DNS resource records from DCs that provide
    services. This is for all domains in a forest.

    However, the _MSDCS DNS subdomain of the AD forest root domain hosts
    records for all DCs in the forest, no matter what domain they are in!
    All the DCs in the forest use that _MSDCS DNS domain in the forest root AD
    domain. When you have a single domain forest you can leave it at the
    default as all DCs in the domain that are also DNS have a copy of it
    to read and to register.

    This is different in a multiple domain forest. As all DCs in the
    forest use the _MSDCS DNS domain of the forest root AD domain, it is
    best the DNS servers in those AD domains have a copy of it.

    With W2K3 DCs/DNS servers it is possible to create an AD integrated
    zone (e.g. _MSDCS.DOMAIN.COM) and assign a replication scope (e.g.
    forest wide to all DNS servers). This way all W2K3 DC/DNS servers will
    receive a read/write copy of it.

    With W2K DCs/DNS servers it is possible to create an AD integrated zone
    (e.g. _MSDCS.DOMAIN.COM) but NOT to assign a replication scope. A
    read/write copy cannot leave the W2K DC/DNS servers of the forest root
    AD domain. To enable DCs/DNS servers to still receive at least a
    read copy of the zone, set up a secondary DNS zone for the
    _MSDCS.DOMAIN.COM on those DC/DNS in the non-forest root AD domains
    and use the DNS servers in the forest root AD domain as the master
    servers.

    Did this explanation help you?

  2. Archived from groups: microsoft.public.win2000.dns

    In news:bassaddict.1sgxt3@mail.webservertalk.com,
    bassaddict <bassaddict.1sgxt3@mail.webservertalk.com> stated, which I then
    commented on below:
    > All,
    > I'm fairly new to DNS in a 2003 domain. I've been tasked with making
    > the DNS more efficient and seeing what can be done to improve it. The
    > domain was migrated from a Win 2000 domain. I've been looking at the
    > DNS structure we currently have, and been reading up on MS's site
    > regarding the _msdcs bits.
    >
    > At the moment, we have a structure in DNS as such:
    >
    > Under the Forward Lookup Zone, we have DOMAIN.com, under DOMAIN.com
    > there are 4 folders/containers called _msdcs, _sites, _tcp, _udp,
    > DomainDnsZones, ForestDnsZones.
    >
    > What I can't get my head around is whether this layout is correct. On
    > MS's site (http://tinyurl.com/ap2ym) it states the _msdcs part as
    > _msdcs.forestname and talks about going into its properties etc, but
    > there is no properties tab for _msdcs.
    >
    > There is no Application Directory partition set up as yet. Our root
    > domain controller is 2003, but we have a mixture of 2000 and 2003
    > DCs.
    >
    > Can anyone inform me about what the DNS layout structure should look
    > like now we're on a 2003 domain, and how it can be optimised? At
    > present our DNS works, but it hasn't been touched since we upgraded to
    > 2003.
    >
    > Any help greatly appreciated.

    In addition to Jorge's reply, the _msdcs zone under your domain.com zone is
    delegated to your own server, thus why it should show up as a completely
    separate name space. If it doesn't, then there's an issue. That zone needs
    to be available everywhere in the forest and its replication scope is set
    to the ForestDnsZones app partition to be available as such. But if you are
    in a mixed environment, that zone is not available on a Win2000 DC.

    It would be easier to move your DNS services to only the Win2003 server and
    uninstall DNS off the Win2000 servers, to handle this function. If you are
    looking at the DNS zones on a Win2000 DNS console, those Win2003 properties
    will not be available hence a possible part of the confusion.

    Look at it under Win2003 and let us know if that zone exists. If it does
    not, follow that article you posted to fix it.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
  3. Archived from groups: microsoft.public.win2000.dns

    Hey

    Thanks to both of you for your replies. Let me just clarify the
    existing set up. Our Forest Root is 2003, and we have a mixture of Win
    2000 and Win 2003 DCs and DNS Servers. All of our 15 branch offices
    have 2 DNS servers / DC's, one being Win 2000 and one being Win 2003.
    Each server points to itself for lookups and then to the Forest Root
    which is located at head office. Is this good practice?

    On our 2003 DNS servers, the option to create a default application
    directory partition is available (but not on the 2000 DNS boxes). Am I
    correct in thinking to set this up though, all DNS servers should be
    running on 2003? In my proposal, I am recommending upgrading all 2000
    to 2003 DNS and using Application Directory Partition to improve
    replication, but does the Forest Functional level need to be raised to
    2003?

    Underneath our ForwardLookupZone, we have our domain (let's call it
    domain.com). Underneath here, we have the default _msdcs, _sites, _tcp,
    _udp, DomainDnsZones and ForestDnsZones. The DNS is Active Directory
    integrated and uses forwarders to the forest root without recursion for
    the domain, and then the Forest Root forwards WITH recursion to the ISP
    DNS servers.

    From one of our Win 2000 boxes, the same subdomains as above exist and
    all replicate to each other.

    So are you saying the Application Directory replication is not
    available on 2000 DOMAINS or DCs/DNS servers? Because the option is
    there to create one from one of our 2003 DNS servers.

    Sorry if I sound like a beginner with DNS.... it's because I am! But I
    appreciate how helpful you are.

    Cheers


    --
    bassaddict
  4. Archived from groups: microsoft.public.win2000.dns

    Oh and by the way, we have no Forest Root Domain, just a Domain
    Controller that is the forest root for the whole domain. I am confusing
    myself as I've been told that _msdcs.forestname should sit above the
    DOMAIN.COM zone in DNS. But ours sits below.

    Still, anything else you can add??


    --
    bassaddict
  5. Archived from groups: microsoft.public.win2000.dns

    In news:bassaddict.1ss1t3@mail.webservertalk.com,
    bassaddict <bassaddict.1ss1t3@mail.webservertalk.com> stated, which I then
    commented on below:
    > Hey
    >
    > Thanks to both of you for your replies. Let me just clarify the
    > existing set up. Our Forest Root is 2003, and we have a mixture of Win
    > 2000 and Win 2003 DCs and DNS Servers. All of our 15 branch offices
    > have 2 DNS servers / DC's, one being Win 2000 and one being Win 2003.
    > Each server points to itself for lookups and then to the Forest Root
    > which is located at head office. Is this good practice?
    >
    > On our 2003 DNS servers, the option to create a default application
    > directory partition is available (but not on the 2000 DNS boxes). Am I
    > correct in thinking to set this up though, all DNS servers should be
    > running on 2003? In my proposal, I am recommending upgrading all 2000
    > to 2003 DNS and using Application Directory Partition to improve
    > replication, but does the Forest Functional level need to be raised to
    > 2003?
    >
    > Underneath our ForwardLookupZone, we have our domain (let's call it
    > domain.com). Underneath here, we have the default _msdcs, _sites, _tcp,
    > _udp, DomainDnsZones and ForestDnsZones. The DNS is Active Directory
    > integrated and uses forwarders to the forest root without recursion
    > for the domain, and then the Forest Root forwards WITH recursion to
    > the ISP DNS servers.

    If you have a child domain, and are delegating the child namespace to the
    child domain's DNS servers, then yes, you would forward from the child
    domain's DNS to the parent domain's DNS.

    OTHERWISE, if you only have ONE domain, DO NOT FORWARD TO EACH OTHER or to
    any others in the same domain. This will cause a forwarding loop and you
    will be bound with issues. Configuring as such is only for a delegation or
    stub scenario with child domains. If you have only one domain, as indicated
    in your more recent post, forward from each INDIVIDUAL DNS to the ISP. Allow
    recursion.

    >
    > From one of our Win 2000 boxes, the same subdomains as above exist and
    > all replicate to each other.

    The folders underneath with the underscores in them (e.g. _msdcs, _tcp,
    _udp, and _sites), as you call "subdomains" are actually the SRV records,
    and not necessarily subdomains. These are the service location records that
    a DC registers into DNS and are used to locate domain controller services.

    So I'm not entirely sure what you mean by they "...all replicate with each
    other". Zone data in any AD Integrated zone types, since they are stored in
    the actual physical AD database, will replicate to other DC/DNS servers
    along with the default AD replication cycle, since they are part of the AD
    database. If the understanding is skewed meaning you thought they replicate
    "with each other", then in a way, they do, but all the data is replicated
    based on AD's replication process just because they are part of the
    database.

    >
    > So are you saying the Application Directory replication is not
    > available on 2000 DOMAINS or DCs/DNS servers? Because the option is
    > there to create one from one of our 2003 DNS servers.

    The Application Partitions are not available for use by a Windows 2000
    DC/DNS, albeit the partitions exist on such a machine, but it's just that
    you can't take advantage of the feature. The ability to use that feature is
    only available by using Windows 2003 DC/DNS servers.

    >
    > Sorry if I sound like a beginner with DNS.... it's because I am! But I
    > appreciate how helpful you are.
    >
    > Cheers

    No problem. The only way you'll find out is if you ask!

    Ace
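
An added example, not part of the post above or of the original thread: a small audit of the forwarder advice in that reply. Given an inventory of the forwarders configured on each DNS server, it flags forwarders that point at another DNS server of the same domain and reports any chain that closes into a loop. All server names are constructed sample data.

```python
# Added example: audit DNS forwarder settings in a single-domain setup.
# All server names below are constructed sample data (hypothetical).

# server -> forwarders configured on it; keys are the domain's own DNS servers
MUTUAL = {                      # servers in one domain forwarding to each other
    "hq-dc1": ["br1-dc1", "isp-dns"],
    "br1-dc1": ["hq-dc1"],
    "br1-dc2": ["br1-dc1"],
}
PER_SERVER_ISP = {              # each server forwards to the ISP on its own
    "hq-dc1": ["isp-dns"],
    "br1-dc1": ["isp-dns"],
    "br1-dc2": ["isp-dns"],
}


def internal_forwards(forwarders):
    """Return (server, forwarder) pairs where the forwarder is another
    DNS server of the same domain (i.e. also a key of the inventory)."""
    servers = set(forwarders)
    return sorted((s, f) for s, fs in forwarders.items()
                  for f in fs if f in servers)


def find_loops(forwarders):
    """Return each distinct forwarding cycle once, as a tuple of servers."""
    loops = set()

    def walk(node, path):
        for nxt in forwarders.get(node, []):
            if nxt in path:                       # chain closed on itself
                cycle = path[path.index(nxt):]
                i = cycle.index(min(cycle))       # rotate to a canonical start
                loops.add(tuple(cycle[i:] + cycle[:i]))
            else:
                walk(nxt, path + [nxt])

    for start in forwarders:
        walk(start, [start])
    return sorted(loops)


if __name__ == "__main__":
    for name, cfg in (("MUTUAL", MUTUAL), ("PER_SERVER_ISP", PER_SERVER_ISP)):
        print(name, "internal forwards:", internal_forwards(cfg))
        print(name, "loops:", find_loops(cfg))
```
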
  6. Archived from groups: microsoft.public.win2000.dns

    In news:bassaddict.1sstl5@mail.webservertalk.com,
    bassaddict <bassaddict.1sstl5@mail.webservertalk.com> stated, which I then
    commented on below:
    > Oh and by the way, we have no Forest Root Domain, just a Domain
    > Controller that is the forest root for the whole domain. I am
    > confusing myself as I've been told that _msdcs.forestname should sit
    > above the DOMAIN.COM zone in DNS. But ours sits below.
    >
    > Still, anything else you can add??

    My take is to move DNS services to only Windows 2003 servers. Once that is
    done, then all the features will be of benefit.

    Keep in mind, when choosing replication scope, the bottom radio button is
    the DomainNC partition, which is one of the three logical partitions in a
    Win2000 domain database. That is the one you need to choose if you are in a
    mixed environment. If you chose to set the scope to one of the above radio
    buttons, then that zone will only be available on a Win2003 DC/DNS server.

    Once you have moved all DNS services to your Win2003 DC/DNS servers, then
    the _msdcs zone should appear as a separate namespace that is delegated from
    itself under the domain.com zone, which in that case, the _msdcs zone will
    now appear as a grayed out folder. If you look at the _msdcs.domain.com
    zone, you will now find its replication scope set to the Forest app
    partition.

    Ace